authorJosé Bollo <jose.bollo@iot.bzh>2017-08-03 12:16:58 +0200
committerJosé Bollo <jose.bollo@iot.bzh>2017-08-03 12:21:21 +0200
commit330edf6a1ec91fa5a9829d6450fa4fff0b91c693 (patch)
tree97b8b530a67043a1f185c8c4956b2c92409e0e29 /src/afb-cred.c
parentbdff72f45e1d02f596595f6229d5bccf7c0827c2 (diff)
afb-cred: fix default values
Because SO_PEERCRED returns without error even when no data is available (TCP, for example), the resulting uid is now tested. Also, for TCP, avoid creating a default user value by default; return NULL instead. This will allow a client that has an HTTP/WebSocket connection to get full rights on the binder. Change-Id: I2defb585bf79c023e2391c2e18d6de17e5112770 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'src/afb-cred.c')
-rw-r--r--src/afb-cred.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/src/afb-cred.c b/src/afb-cred.c
index 87661f19..eda0c9dd 100644
--- a/src/afb-cred.c
+++ b/src/afb-cred.c
@@ -29,6 +29,10 @@
#define MAX_LABEL_LENGTH 1024
+#if !defined(NO_DEFAULT_PEERCRED) && !defined(ADD_DEFAULT_PEERCRED)
+# define NO_DEFAULT_PEERCRED
+#endif
+
#if !defined(DEFAULT_PEERSEC_LABEL)
# define DEFAULT_PEERSEC_LABEL "NoLabel"
#endif
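Review bot: The two build switches introduced here are undocumented, and the added `#if` block silently changes the default to "no fallback identity" for every build that defines neither of them. `ADD_DEFAULT_PEERCRED` is never tested on its own; it only suppresses the automatic `NO_DEFAULT_PEERCRED`, so a build that defines both still gets no default credentials. I would put a comment above the block such as `/* Default: no fallback identity. Build with -DADD_DEFAULT_PEERCRED to substitute DEFAULT_PEERCRED_UID/GID/PID when SO_PEERCRED yields nothing; NO_DEFAULT_PEERCRED wins if both are set. */` so that packagers know which policy they are shipping.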
@@ -117,15 +121,15 @@ struct afb_cred *afb_cred_create_for_socket(int fd)
/* get the credentials */
length = (socklen_t)(sizeof ucred);
rc = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &length);
- if (rc < 0 || length != (socklen_t)(sizeof ucred)) {
+ if (rc < 0 || length != (socklen_t)(sizeof ucred) || !~ucred.uid) {
#if !defined(NO_DEFAULT_PEERCRED)
- if (!rc)
- errno = EINVAL;
- return NULL;
-#else
ucred.uid = DEFAULT_PEERCRED_UID;
ucred.gid = DEFAULT_PEERCRED_GID;
ucred.pid = DEFAULT_PEERCRED_PID;
+#else
+ if (!rc)
+ errno = EINVAL;
+ return NULL;
#endif
}
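Review bot: The `#else` branch returns NULL both when getsockopt() genuinely fails and when the peer has no credentials (uid of -1, as on TCP). The commit description says a NULL credential lets the client get full rights on the binder. The authorization path is not visible in this hunk, but if callers do treat NULL as unrestricted, then any SO_PEERCRED error on a local socket fails open rather than closed. The "no credentials" case should be kept distinguishable from the error case (for example by only returning the unrestricted NULL when `rc == 0`), and the contract should be stated in a comment such as `/* NULL = peer identity unknown; callers must apply their own policy, not assume a trusted peer */`. Separately, `!~ucred.uid` is hard to read and relies on uid_t being at least as wide as int; `ucred.uid == (uid_t)-1` says the same thing directly. The body of afb_cred_create_for_socket starts and ends outside this hunk.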